rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Solara.zip
Size

13.4MB
Sample

240902-v68g6svapn
MD5

6fe0bb4598fba38e1c2dc25b084ae38e
SHA1

7514257cc85b0a2d4b218f43f9a8f4dd61c545cf
SHA256

ceaed51bfaf0862e89a1790376ff6969bcc7c266e2c7b73cf67f57ad3ca7a397
SHA512

232b90973680eadbf11851fa20dc1e0ffbcae86f14bd8b605964a593775705cdc69dcb3cd9a5ab66ce18785c2a098df75f58392b1c3d6a04f28c57541fdc632b
SSDEEP

393216:+H7gx90ywmq3gvGQ1HUPri1xktbsUjOBo+mt:u7e92v+PRUDi1QvaoTt

Score

10^/10

Malware Config

Extracted

Family

rhadamanthys

https://144.76.133.166:8034/5502b8a765a7d7349/k5851jfq.guti6

Targets

- Target
  
  Solara.zip
- Size
  
  13.4MB
- MD5
  
  6fe0bb4598fba38e1c2dc25b084ae38e
- SHA1
  
  7514257cc85b0a2d4b218f43f9a8f4dd61c545cf
- SHA256
  
  ceaed51bfaf0862e89a1790376ff6969bcc7c266e2c7b73cf67f57ad3ca7a397
- SHA512
  
  232b90973680eadbf11851fa20dc1e0ffbcae86f14bd8b605964a593775705cdc69dcb3cd9a5ab66ce18785c2a098df75f58392b1c3d6a04f28c57541fdc632b
- SSDEEP
  
  393216:+H7gx90ywmq3gvGQ1HUPri1xktbsUjOBo+mt:u7e92v+PRUDi1QvaoTt
Score

1^/10
behavioral1 behavioral2
- Target
  
  Password - github.txt
- Size
  
  17B
- MD5
  
  37681049ce7c84867108bfb4216689be
- SHA1
  
  f95e814713dfe83170513a6014aec373c9c0d006
- SHA256
  
  4ae8508642027b5e5373a40b38da75c2a36ee3e99f693650c0803168533dbbc7
- SHA512
  
  0b46362b0ae7afd192dee66e0fac2f213f2d93603adf9c2325eef23a22076f7eeccb2515313660881ebba1058fa5762f51eab143fb92c0c7e05b103a52d1b9fc
Score

1^/10
behavioral3 behavioral4
- Target
  
  Solara/Debug/Addition.dll
- Size
  
  30KB
- MD5
  
  f22e849a370cdf127f48beab596bdd81
- SHA1
  
  fb1da47c7a246f2cda7f7686a468efafd9933b1e
- SHA256
  
  8be1f5581437b6f5ba48705e8956c8bc0765bbd1d6053242640c75bd94048aa9
- SHA512
  
  6ded81fe4d4db69586d74fdb425c4fc8c092508e7e0b49eb141a9045abf40626d14659fa6237a3920e58571ca7acf4911cdf03c4307fd89b6dc5e54172afbc14
- SSDEEP
  
  768:Fol18SuOO3bBAughXjNPQsXVjWuu7jqWdTS2gS:er6tAugVjN4sXJYjqWdm2V
Score

1^/10
behavioral5 behavioral6
- Target
  
  Solara/Debug/Autoupdater.ini
- Size
  
  5KB
- MD5
  
  f78b8f3d265b4e9a706ed0aae70bdf9c
- SHA1
  
  6d73ad3954fd8fda80911071efca1910fd2d0a3d
- SHA256
  
  dcae62d049c4dd496effab6f02220bc270c6c098ebb55a5a6e55fbafad2974d2
- SHA512
  
  c44887c08d1239969aaf9934921f1a7341b87faded169136fcc0539d62de3104ecec0e3ac7a28eb3135cb449f58310b49f868963b64b920210d1c55104e7e7cb
- SSDEEP
  
  48:K3Px9Vz69T0oXIGXTWGXsP9JEX98TNx9P8k9zZ8G958d8lx9Vz69T0oXIGXTWGXe:FvTlEGvTlUOy
Score

1^/10
behavioral7 behavioral8
- Target
  
  Solara/Debug/DebugPPF.tmp
- Size
  
  11KB
- MD5
  
  b1e68fabd5c19aaa21de6351554aae2e
- SHA1
  
  66e7cf5d041a6ed9252ee4f6104ec0abb57d60b8
- SHA256
  
  63909409d9c79950289701c4a58605ea7fcd30703163fce0b4ac81204f0b3cca
- SHA512
  
  6e080f64d583e29a503282022ba587eb88903e2cf2bf943f9f9849fedf7f25dbfdeb02fae2803f03acf18b7a2bb37be1a1834e3b5ef7ef9098cfb0ee80a410dd
- SSDEEP
  
  192:fXBY6p0nsAXXOZfZz2zgJNGayrKy8pJErK7EuKr3eEohK11pS:PcnFneZz2zE/+rK7EuJ6S
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Solara/Debug/DebugPPT.tmp
- Size
  
  11KB
- MD5
  
  4969578a5fd8d113ab7783812849c1ed
- SHA1
  
  580f84362a74337b2ed25bd58700e9a002e51bc9
- SHA256
  
  9f2b02ba814c2975a7b6ed5aa03345046a9c9d3036481a8a109b132a951e82a0
- SHA512
  
  49dc150be750ff0a5b03fbe384debcc136d6dad513fa1c6284469de8e8aed1b865b2bd8271937030818094bcc5358dde6e146e3c784dd88fa9681a84c7a557ef
- SSDEEP
  
  192:W7F8knwe/KZztz2XFuUpcWOEai+S7UeAJo9pDWhuDyG/WE8cHtENQmfsB:WNn1y1p2XMUpcWb+qUerShuDl+8HerfQ
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Solara/Debug/Helper.dll
- Size
  
  189B
- MD5
  
  9bb9aba5dd893bbccfa45e2d75d55d26
- SHA1
  
  5714796513341ac3159a6a3c23d4769209063d35
- SHA256
  
  6b325cadd8992d998c4fbc8ed56079c2850b68ea2d38432d51c26ce82b0a5419
- SHA512
  
  f57df9a4a02bd17772acb3ac1a0d961c53f6940600b58834ae38c198a98ae651a21b382450b267aeffbca4ab262668ae471a78ed99bf9dfa414c1316056a289b
Score

1^/10
behavioral13 behavioral14
- Target
  
  Solara/Debug/Management.log
- Size
  
  8KB
- MD5
  
  ff765d6581fe6568aaae19de239b2e7a
- SHA1
  
  78b09b0ce2e59ce87f65251ea903842c1c77046a
- SHA256
  
  4dd051de9b04902fc59d411b1c27c42007cacca4ea52e88d71c897cad1d990cc
- SHA512
  
  8fa7c766fc1ac48408d964eb9844f9c4a2fb3e33357e736230024788ec71cb3c338397e16f8e556bbcaafd83c58f3af6a55ceaa9daff290b0e687093e5c97a2e
- SSDEEP
  
  192:+jfkNaok8wITITp8dNOgNH34lxeDKOgWNh0ctcoAd8dq5XrOGB3Wr:UkNaz8wWWp8dMA34lbLsq5Xqq3a
Score

1^/10
behavioral15 behavioral16
- Target
  
  Solara/Debug/Resource.dll
- Size
  
  10.7MB
- MD5
  
  641dadbb3f03938da99bf7c6c4cc482f
- SHA1
  
  b21bdb69a17642ade8e62fcbd779ff1bc89ea809
- SHA256
  
  883aefb081a1f9ef974ceb16e12c215e92fee13531c052279404bd11b2f8e479
- SHA512
  
  7aea5f0db9b261a17801124d6eef0df2d3ada4a6f624c8f4f2ee519a61171a3f06de9032493e3309a1a982fd1218613dde73a942942df2a8ec367e7f66a531f5
- SSDEEP
  
  196608:8B4DNtjVoWhIdAXplnpnh4uIKZ2K245peMKU3lRM9RVIO+QvSNG2uM+XGE4:04vWGIun1GKZ/2aZKU3lRvO+QvQgGP
Score

1^/10
behavioral17 behavioral18
- Target
  
  Solara/Debug/main.ini
- Size
  
  4KB
- MD5
  
  d2e799c6b2467a0a4aeb0cba508e8a30
- SHA1
  
  349e50e830cca26b03a0e32bac1f9045a72eb406
- SHA256
  
  d3d79eda930253d1ad388f60a56775f7d6bff80ce5a4e07c812d7d338fc93593
- SHA512
  
  f1d14875a6379b450eb5dc2513a1791ec65a6fb237db94a74621c70ca5d579428b7cded35ce3bece884faaabca4f0705de73fb5cc8b2d60be995b2be66cb20c2
- SSDEEP
  
  96:38acVNxLPdLB3fhvKSEnQRkB6Ip1ImmoM:38xxzd93fASEnNIy1ImmoM
Score

1^/10
behavioral19 behavioral20
- Target
  
  Solara/Debug/ukm_db
- Size
  
  96KB
- MD5
  
  98472e91a63229be8bf542ef28c56111
- SHA1
  
  65c3b300e972704246294d1b822d01a0eba36349
- SHA256
  
  502483b0d0d9ba2d0c50565c296cb685c9098cded6ffeb74f924eca85af11443
- SHA512
  
  424e7ebb1a8d97da12fffec76a4dbaa47b1bbb83974e2099a05cd89b7f9256f05439c3f63162bbb70deda86405afc9ee5a8952c428ded13f33c77d6676b4898c
- SSDEEP
  
  1536:ABvhM6JBRI3kYiZYVGVuA5F0tjogInznsHK+WtuRTvWXNZ1VMUP9H:SvhVBR2kYiNVuA5WjogInzMWtuRTvWXP
Score

1^/10
behavioral21 behavioral22
- Target
  
  Solara/Packaged/Main.ini
- Size
  
  1KB
- MD5
  
  7b53ebd64e5781e02eaefb6739a6b556
- SHA1
  
  d5332b200cf5dcea0419afdb66a15d89b9eb619f
- SHA256
  
  b975c9251ef7394dcc69f49e54dc5aa5e8df32f9b5e8c687484ddd840eb94d20
- SHA512
  
  c4a25c07e19760547e91818ba6e9ec3fe89206c29429668731c7563b7407cb56d8c0adca519bf96dc82a1631e82cfe63b68439cad4102ea2a1df438bac8400fd
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Solara/Packaged/Resource.dll
- Size
  
  189B
- MD5
  
  4427aeee68321d0f4d7befa74e669f83
- SHA1
  
  4670003762a1c217c9e8ea48fcc53f2871a7c341
- SHA256
  
  a9661f89b8d957f4e71cbe1ba0342a39e5b50a1d80d974e2e1b349a273967f1b
- SHA512
  
  9d9156aa8fdebf19363fed2edb82235642c8c20549369470e44fdc0db41324e2160968fd7dd43eecce1ce3da9c03dd05cdefc8d903a9d0394f5ca9a73f5c5fa3
Score

1^/10
behavioral25 behavioral26
- Target
  
  Solara/Packaged/Utils.dll
- Size
  
  1KB
- MD5
  
  73e051427246dd4ca45935b1a4bd7e2d
- SHA1
  
  7216f05041252f1c3a9d84aacdf84ef62f1a1045
- SHA256
  
  b7b8b412ab1e4f32da8a7cd42aeaa6e7d8d340cf14977d3e87f7d8f5eb689b0f
- SHA512
  
  3fc10dea91962244389214d189c141466f5630e99b01af5761738ce884df14050cd08a43802dc45bbe9117290c34143b85a75694b6301954b51972180dca1e36
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Solara/Solara.exe
- Size
  
  3.8MB
- MD5
  
  1245d11b34ec1d1cf09241a43106b075
- SHA1
  
  6689cf56e1aa6818469ac128ed270f28f8a1fcd3
- SHA256
  
  e1f1007d79a124c38d575bc31231d26519df4fe2721802515950eda34bd39048
- SHA512
  
  ffce20f6bc82c3b7be75c6b8c8d586c4260e476121a598c8805a73cc519038018accb2b598fd1b918894c44353963d10fb6bbd62ccb4c72d21d62f022c512502
- SSDEEP
  
  49152:OnIKDiiEdMRtBxB6sz1WQY8jVcnflWxaWzeiqtr/mq/mHjD0iCT:OnIKDiJcFzEQDcndWwWzstr/Z/
Score

10^/10

rhadamanthys discovery stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral29 behavioral30
- Target
  
  Solara/accessibilitycpl.dll
- Size
  
  274KB
- MD5
  
  f316026e08074300cbdcd8453bfd3116
- SHA1
  
  c7494558e98e42930b83349ea816963147242fba
- SHA256
  
  a28ef80b49f85f95f929d5c40245b05f95d58bb672764c3539ce69098db9bcc2
- SHA512
  
  cb205111f99cdd4ab930644dfc910f82015175c452be330dcdbee3cff3a07234bf6e77c5967a33fb02ec0bdd993b96b19964160a5511dcfa684a77508aede047
- SSDEEP
  
  6144:2f/fsr6htcMmmdxeAXXDoDGNIPTympgJp3P:O/fsr6hCtUxeLymW
Score

1^/10
behavioral31
- Target
  
  Solara/buffed/chidedOcurred.xml
- Size
  
  14KB
- MD5
  
  2cc7542482d486c23aa4fa8d77163776
- SHA1
  
  5ac932e3532023a113230c0a426eaa6d2b51284b
- SHA256
  
  0e4bf326bbd329a90a8a04e755d6c2f1f6f26d67b8db3295a4e15561b7b1707d
- SHA512
  
  df555bff92cabdd529088aa2071e9a4a4b5b766ed0b3183048ca46e769bd88101e4f5870dc699769f1b4383c591e73ad952adfc3c2c38256120b57ccdc387f52
- SSDEEP
  
  384:4wuVphEutg7Rv/6Qb+QsxcUUIVInnkuRQuM8:crh1+7Pb3sxfkn9QuM8
Score

3^/10

discovery
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32